Google Chrome Multiple vulnerabilities

Systems Affected
Windows
OS X
Linux variants
Android

Threat Level

Overview

A number of vulnerabilities have been identified in Google Chrome for Windows, Mac and Linux prior to version 36.0.1985.125 and Google Chrome for Android prior to version 36.0.1985.122. [1, 2]

Description

The vendor has provided the following details regarding these
Issues:
Chrome for Windows, Mac and Linux: "This update includes 26 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting.
Please see the Chromium security page for more information.
[$2000][380885] Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider.
As usual, our ongoing internal security work responsible for a wide range of fixes:
[393765] CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives.
Many of the above bugs were detected using AddressSanitizer." [1]
Chrome for Android: "[$3000][352083] High CVE-2014-3159: Omnibox URL Spoofing (Android). Credit to Keita Haga.
[334204] Medium CVE-2014-3161: Same origin policy bypass (Android).
Credit to Håvard Molland from Opera" [2]

Impact

Solution/ Workarounds

The vendor recommends updating to the latest versions of Google Chrome to correct these issues. [1, 2]

References

http://auscert.org.au/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.